
Chemical Process Safety

To know is to survive and to ignore fundamentals is to court disaster.
- H. H. Fawcett (1982)
Definitions
Safety/loss prevention: the prevention of accidents through the use of appropriate technologies to identify the hazards of a chemical plant and eliminate them before an accident occurs.
Hazard: a chemical or physical condition that has the potential to cause damage to people, property, or the environment.
Risk: a measure of human injury, environmental damage, or economic loss in terms of both the incident likelihood and the magnitude of loss and injury.
Safety Programs
System
Attitude
Fundamentals
Experience
Time
You
Safety Programs (contd)

A good safety program identifies and eliminates existing safety hazards.
An outstanding safety program has management systems that prevent the existence of safety hazards.
AIChE Code of Professional Ethics:
Fundamental Principles
Engineers shall uphold and advance
the integrity, honor, and dignity of
the engineering profession by
Using their knowledge and skill for the
enhancement of human welfare
Being honest and impartial and serving
with fidelity the public, their employers
and clients
Striving to increase the competence and
prestige of the engineering profession
AIChE Code of Professional Ethics:
Fundamental Canons
Engineers shall hold paramount the safety,
health and welfare of the public in the
performance of their professional duties
Engineers shall perform services only in
areas of their competence
Engineers shall issue public statements only
in an objective and truthful manner
Engineers shall continue their professional
development throughout their careers and
shall provide opportunities for the
professional development of those engineers
under their supervision.
Types of Chemical Plant Accidents

Type of accident    Probability of occurrence    Potential for fatalities    Potential for economic loss
Fire                High                         Low                         Intermediate
Explosion           Intermediate                 Intermediate                High
Toxic release       Low                          High                        Low
Statistics
Acceptable Risk & Public Perceptions
We cannot eliminate risk entirely
In a single Chemical Process plant the risk
becomes too high because of multiple
exposure to several processes
Modern site layout requires sufficient
separation of plants within site to minimize
multiple exposure
Public perception about hazards of
chemicals can be confusing and may not
reflect the real situation
Japan's Nuclear Crisis: 11 March 2011

Bangladesh
Electricity consumption (2003) 16,196 GWh
Fukushima I (Daiichi) Nuclear Power Plant
Annual generation 29,891 GWh
Nuclear Reactor
What Happened?
The earthquake caused all operating reactors to
automatically shut down (control rods are inserted, which
stop the nuclear fission reaction by absorbing neutrons)
Emergency diesel generators, which started to run the
cooling system after the electrical power grid failed, shut
down about an hour after the earthquake
When cooling fails in a fully operational reactor or shortly
after shutdown, the water quickly boils off creating
increasing steam pressure in the core containment vessel
and exposing the dry fuel assembly to increasing
temperatures and radiation. The zirconium metal assembly
reacts with the steam to give hydrogen and oxygen, an
explosive mix
Responses to the Threat
First, the plant's operators attempted to pump cold sea water directly into the reactors to replace the boiled-off coolant water. (Sea water is very corrosive and will undoubtedly damage the metal parts of the reactor, and its complex mixture of contents will also complicate the cleanup. This means never running the reactor again without a complete replacement of its hardware. As an added precaution, the seawater was spiked with a boron compound in order to increase the absorption of neutrons within the reactor.)
Next, some pressure was bled off from the reactor vessel in order to lower the risk of a catastrophic failure. (This was also an unappealing option, given that the steam would necessarily contain some radioactivity. Still, it was considered a better option than allowing the container to burst.)
Design Errors
The electrical rooms at these plants are in the basements.
Although the plant was ready for an extreme event, it clearly wasn't designed with a tsunami in mind. It is simply impossible to plan for every eventuality. However, this seems to be a major omission given the plant's location. It also appears that the fuel storage areas weren't nearly as robustly designed as the reactors.
Design Errors (contd)

However, it is human nature for the less immediate backup systems not to be as well designed or maintained as the primary backups. One example is the temporary holding ponds: the temporary storage pool for reactor #4, to which the fuel had been transferred while maintenance was performed, is a much smaller one near the top of the reactor, unlike the 15-metre-deep permanent storage pools.
Another example is that the backup portable generators planned for when the batteries were exhausted, which is the 3rd (or 4th) backup for power generation, had the wrong connectors and so could not be used.
Case History 1: (Washington DC, Manufacturing Chemists Association)

Static Electricity: Tank car loading explosion
Two plant operators were filling a tank car with vinyl acetate. After a few seconds the contents of the tank exploded; one operator died from a fractured skull and body burns.
Caused by a static spark that jumped from the steel nozzle to the tank car.
Case History 2: (Washington DC, Manufacturing Chemists Association)

Chemical Reactivity
Bottle of isopropyl ether; A chemist
twisted the cap of a bottle of isopropyl
ether to open it. As the cap broke loose,
the bottle exploded. The man died due to
massive internal hemorrhage.
Caused by rapid decomposition of
peroxides, which formed in the ether
while the bottle sat in storage.
Case History 3: (Washington DC, Manufacturing Chemists Association)

System Design
Ethylene oxide explosion: A process storage
tank contained 6500 gal of ethylene oxide. It
was accidentally contaminated with ammonia.
The tank ruptured and dispersed ethylene oxide
into the air. A vapor cloud was formed and
immediately exploded. One person was killed
and nine were injured; property losses $16.5
million
Lack of design protection to prevent back up of
ammonia into the storage tank.
Case History 4: (Washington DC, Manufacturing Chemists Association)

System Procedure
Man working in a vessel: two maintenance workers were replacing part of a ribbon in a large ribbon mixer. The main switch was left energized; the mixer was stopped with one of three start-stop buttons. The operator by mistake pushed one of the start-stop buttons, the mixer started, and the mechanic inside was killed.
Example of Disaster: Bhopal, India
(December 3, 1984)
Plant Location: Madhya Pradesh, central
India; nearest inhabitants were 1.5 miles
away, but a shanty town grew nearby.
Produced Pesticides; owned by Union
Carbide and partially owned locally
Intermediate compound methyl iso-cyanate
(MIC): reactive, toxic, volatile, flammable
and vapor heavier than air.
MIC unit was not operating because of
labor dispute
Example of Disaster contd

Accident:
Storage tank containing large amount of MIC
became contaminated by water, heated by
reaction; vapor traveled through pressure relief
system into a scrubber and flare system that
was not operating
25 tons toxic MIC vapor released, spread to the
adjacent town killing over 2000 civilians and
injuring 20,000 more. No plant workers were
killed.
Recommendation:
Alternative reaction scheme or redesigning of
the process with reduced inventory of MIC (less
than 20 pounds)
CO2 Stripper Failure of UFFL-
1991 (Ghorashal)
CO2 stripper contains carbamate solution, CO2 and ammonia and runs under high pressure
Stripper column exploded and split
into two halves in middle section
during trial run
11 deaths including the project
director
CO2 Stripper Failure of UFFL-
1991 (Ghorashal)
Accident due to fabrication defect-crack
in welding joint. Safety valve did not
blow and the pressure was within
permissible limit
Field test was not done, vendors carried
out the test
Power generation system tripped, no
emergency light, rescue team arrived
after more than an hour, colleagues in
nearby residence did not come out
Hazard Identification
What are the hazards?
What can go wrong?
What are the chances?
What are the consequences?
Hazard Identification and Risk
Assessment Procedure
System description
-> Hazard identification
-> Scenario identification
-> Accident probability and accident consequences
-> Risk determination
-> Risk and/or hazard acceptance?
   no: Modify 1. process or plant, 2. process operation, 3. emergency response, 4. other
   yes: Build and/or operate system
Hazard Identification Methods
Process hazards check lists
Hazard surveys
Hazards and operability (HAZOP)
studies
Safety review
What-if analysis
Example: DAP Process
Hazards and Operability (HAZOP)
Studies
Begin with a detailed flow sheet and break the flow sheet into a number of process units
Choose a study node (vessel, line, etc.)
Pick a process parameter: flow, level, T, P, concentration, pH, viscosity, reaction, etc.
Apply a guide word to suggest possible deviation
If the deviation is applicable, determine possible causes and note any protective system
Evaluate the consequences
Recommend action
Record all information
HAZOP Analysis Worksheet-I
HAZOP Analysis Worksheet-II
Example: Cooling
HAZOP Analysis Worksheet-I
What-if Analysis
Begin with process description, drawings and operating procedures
Identify hazards by applying the words "what-if" to a number of areas of investigation
Find out
the potential consequences
how to solve any problems
Recommend action
Record all information
What-if Analysis Worksheet
Risk Assessment
Risk assessment includes
Incident identification: describes how an
accident occurs and analyses
probabilities
Consequence analysis: describes the expected damage, including loss of life, damage to environment or capital equipment, and days outage
Fault Trees Method
Fault trees are a deductive method
for identifying ways in which hazards
can lead to accidents.
It starts with a well-defined accident, or top event, and works backward toward the various scenarios that can cause the accident
Example: Chemical Reactor with an
Alarm
Fault Trees
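The backward search described above can be carried out mechanically. The following is an added example, not taken from the slides: it enumerates the minimal cut sets (the smallest combinations of basic failures that cause the top event) for a constructed reactor-with-alarm tree whose gate layout and event names are assumptions, and shows how one shared dependency becomes a single-point failure.

```python
from itertools import product

# Constructed fault trees (hypothetical event names, not taken from the slides).
# A gate is (kind, [children]); a leaf is the name of a basic failure event.
ALARM = ("OR", ["pressure_switch_1_fails", "alarm_light_fails"])
SHUTDOWN = ("OR", ["pressure_switch_2_fails", "solenoid_valve_fails"])
TOP = ("AND", [ALARM, SHUTDOWN])   # top event: reactor overpressure

# Same tree, but both protective systems depend on one power supply.
TOP_SHARED = ("AND", [
    ("OR", ALARM[1] + ["instrument_power_lost"]),
    ("OR", SHUTDOWN[1] + ["instrument_power_lost"]),
])

def cut_sets(node):
    """Work backward from a node to every set of basic events that causes it."""
    if isinstance(node, str):
        return [frozenset([node])]
    kind, children = node
    child_sets = [cut_sets(child) for child in children]
    if kind == "OR":    # any one child scenario is enough
        return [s for sets in child_sets for s in sets]
    if kind == "AND":   # one scenario from every child must occur together
        return [frozenset().union(*combo) for combo in product(*child_sets)]
    raise ValueError(f"unknown gate type: {kind!r}")

def minimal_cut_sets(node):
    """Drop any scenario that strictly contains a smaller sufficient scenario."""
    sets = set(cut_sets(node))
    minimal = [s for s in sets if not any(other < s for other in sets)]
    return sorted(minimal, key=lambda s: (len(s), sorted(s)))

def single_point_failures(node):
    """Basic events that cause the top event on their own."""
    return [next(iter(s)) for s in minimal_cut_sets(node) if len(s) == 1]

if __name__ == "__main__":
    for name, tree in (("independent", TOP), ("shared power", TOP_SHARED)):
        print(name)
        for scenario in minimal_cut_sets(tree):
            print("  ", " + ".join(sorted(scenario)))
        print("  single-point failures:", single_point_failures(tree))
```

With independent systems every scenario needs two simultaneous failures; once both depend on the same supply, that one loss defeats the alarm and the shutdown together.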
Aids for Recommendation
Control plant modifications
User friendly designs
Block valves
Double block and bleed
Preventive maintenance
Analyzers
Block Valves
Double Block and Bleed
References
Guidelines for Hazard Evaluation Procedures (second edition with worked examples), Center for Chemical Process Safety, AIChE
Chemical Process Safety: Fundamentals with Applications, Daniel A. Crowl and Joseph F. Louvar
